Regarding #2:
You're right. I've tried on identical 12.04 LTS 64bit.
Vulnurable on Xeon E5654
Not vulnurable on Xeon E5345
Both machines are paravirtualizes Xen DomU, so it looks like the system is vulnurable by the availability of sse4 only. It looks like the existence of Xen virtualizationlayer doesn't matter.